FERPA Compliance in the AWS Cloud

July 24, 2020: The whitepaper Auditing Security Checklist in the list of additional resources has been replaced by a Cloud Audit Academy course.

The security of personally identifiable information (PII) continues to be an important topic among all sectors, and education is no exception. Covered entities subject to FERPA are turning to cloud computing as a highly efficient way to manage and secure vast amounts of educational records and student data. To bring clarity to securing student data and privacy, we published a FERPA Compliance on AWS whitepaper.

As background, the primary intent of the Family Educational Rights and Privacy Act (FERPA) is to protect student identities and the privacy of their student records related to educational records, PII, and directory information. Security is a core functional requirement of FERPA, requiring mission-critical information to be protected from accidental or deliberate theft, leakage, integrity compromise, and deletion. The FERPA Compliance on AWS whitepaper is designed to assist educational agencies and institutions that are considering the use of Amazon Web Services (AWS) for educational data.

This whitepaper contains guidance around 13 key services and tools to consider as you move student PII to the cloud, including firewalls, security logs, and encryption. The whitepaper also details relevant certifications in sectors also processing sensitive information. For additional questions around FERPA compliance in the cloud, contact an AWS Business Representative.

Additional resources

• US Department of Education – FERPA
• AWS Compliance Website
• AWS Compliance – Latest News
• Auditing Security Checklist for Use of AWS